attempt of the verification configuration in security policy
KaterynaHonchar committed Nov 7, 2022
1 parent 1193c29 commit 2a54c2b
Showing 2 changed files with 182 additions and 16 deletions.
Expand Up @@ -147,11 +147,11 @@ private void processResetPassword(AjaxRequestTarget target) {
}
LOGGER.trace("Reset Password user: {}", user);

if (getFormRef() == null) {
LOGGER.debug("No policies for reset password defined");
getSession().error(getString("pageForgetPassword.message.policy.not.found"));
throw new RestartResponseException(PageEmailNonce.class);
}
// if (getFormRef() == null) { <!--TODO uncomment after MID-8288 fix -->
// LOGGER.debug("No policies for reset password defined");
// getSession().error(getString("pageForgetPassword.message.policy.not.found"));
// throw new RestartResponseException(PageEmailNonce.class);
// }

OperationResult result = saveUserNonce(user, getMailNoncePolicy(user.asPrismObject()));
if (result.getStatus() == OperationResultStatus.SUCCESS) {
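Review bot: Commenting out the `getFormRef() == null` guard in processResetPassword removes the only fail-closed check visible before `saveUserNonce(user, getMailNoncePolicy(user.asPrismObject()))`, so a reset request now proceeds even when no reset policy is configured. What getMailNoncePolicy returns in that case is not visible here (the method starts and ends outside the hunk); if it can be null, the nonce would presumably be saved and sent without any policy applied. Until MID-8288 is fixed I would keep an equivalent guard on the value that is actually used, e.g. `if (getMailNoncePolicy(user.asPrismObject()) == null) { getSession().error(getString("pageForgetPassword.message.policy.not.found")); throw new RestartResponseException(PageEmailNonce.class); }`, instead of leaving dead code behind. The TODO marker also uses XML comment syntax inside a Java line comment; `// TODO MID-8288: restore the getFormRef() check` reads cleaner.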
Expand Up @@ -56,6 +56,8 @@
<xsd:sequence>
<xsd:element name="authentication" type="tns:AuthenticationsPolicyType" minOccurs="0">
</xsd:element>
<xsd:element name="verification" type="tns:VerificationPolicyType" minOccurs="0">
</xsd:element>
<xsd:element name="credentials" type="tns:CredentialsPolicyType" minOccurs="0">
</xsd:element>
<xsd:element name="flow" type="tns:RegistrationsPolicyType" minOccurs="0">
Expand Down Expand Up @@ -131,6 +133,115 @@
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="VerificationPolicyType">
<xsd:annotation>
<xsd:documentation>
<p>
Definition of user verification mechanisms. Can be used during e.g. password reset process.
</p>
</xsd:documentation>
<xsd:appinfo>
<a:container/>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="identifier" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Identifier of the verification which can be used for referencing the verification.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:element name="modules" type="tns:VerificationModulesType" minOccurs="0" maxOccurs="1">
</xsd:element>
<xsd:element name="sequence" type="tns:VerificationSequenceType" minOccurs="0" maxOccurs="unbounded">
</xsd:element>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="VerificationModulesType">
<xsd:annotation>
<xsd:documentation>
Definition of verification modules that midPoint is aware about.
</xsd:documentation>
<xsd:appinfo>
<a:container/>
</xsd:appinfo>
</xsd:annotation>
<xsd:sequence>
<!-- may be should be unified with AbstractAuthenticationModuleType ?? -->
<!-- <xsd:element name="securityQuestionsForm" type="tns:SecurityQuestionsFormAuthenticationModuleType" minOccurs="0" maxOccurs="unbounded"/> -->
<!-- <xsd:element name="DuoAPI" type="tns:CustomVerificationModuleType" minOccurs="0" maxOccurs="unbounded"/> ?? how to define different custom modules?-->
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="VerificationSequenceType">
<xsd:annotation>
<xsd:documentation>
Verification sequence. It is a sequence of verification modules.
The purpose of the sequence is to guide user through a complete verification process.
</xsd:documentation>
</xsd:annotation>
<xsd:sequence>
<xsd:element name="name" type="xsd:string" minOccurs="1">
<xsd:annotation>
<xsd:documentation>
Unique name of the verification sequence. This name is fact a short identifier.
It is supposed to give some idea about purpose of the sequence to system administrator.
But it is not supposed to be used as a user-friendly label.
Sequence name must be unique.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="displayName" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Display name of sequence. This is shown for identifying of authentication sequence in GUI.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="description" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Free form description of the sequence.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element ref="tns:documentation" minOccurs="0" maxOccurs="1"/>
<xsd:element name="module" type="tns:VerificationSequenceModuleType" minOccurs="1" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Specification of verification module in the sequence.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="targetObjectExpression" type="tns:ExpressionType" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Expression that is supposed to return an object or a group of objects to which current
sequence can be applied.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<xsd:element name="requireAssignmentTarget" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="unbounded">
<xsd:annotation>
<xsd:documentation>
Can be used instead of targetObjectExpression to define if the current sequence is applicable for a
concrete user.
Required assignment target(s). This verification sequence is applicable only to users that
have active assignment with this target (and relation).
All targets must be present. They are checked against effective link values ("roleMembershipRef").
OID, type (if present), and relation is matched. If relation is not defined, org:default is assumed.
Value of q:any may be used to denote any relation value.
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="AuthenticationModulesType">
<xsd:annotation>
<xsd:documentation>
Expand Down Expand Up @@ -1494,17 +1605,11 @@
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="AuthenticationSequenceModuleType">
<xsd:complexType name="SequenceModuleType">
<xsd:annotation>
<xsd:documentation>
<p>
Specification of authentication module in the sequence.
</p>
<p>
The authentication modules are evaluated in sequence (or in parallel if possible).
At least one authentication module must succeed for authentication to be successful.
If there are required or requisite modules in the sequence then all of them must succeed
for the sequence to be successful.
Specification of module in the sequence.
</p>
</xsd:documentation>
<xsd:appinfo>
Expand All @@ -1516,8 +1621,8 @@
<xsd:element name="name" type="xsd:string" minOccurs="1">
<xsd:annotation>
<xsd:documentation>
Reference to the authentication module name. Value of this element must match name of
existing authentication module.
Reference to the module name depending on the type of sequence. Value of this element must match name of
existing module (e.g. in authentication or in verification configuration).
</xsd:documentation>
</xsd:annotation>
</xsd:element>
Expand Down Expand Up @@ -1545,11 +1650,72 @@
</xsd:documentation>
</xsd:annotation>
</xsd:element>
<!-- later: requireAuthenticationAttribute, transformAuthenticationAttribute -->
</xsd:sequence>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="AuthenticationSequenceModuleType">
<xsd:annotation>
<xsd:documentation>
<p>
Specification of authentication module in the sequence.
</p>
<p>
The authentication modules are evaluated in sequence (or in parallel if possible).
At least one authentication module must succeed for authentication to be successful.
If there are required or requisite modules in the sequence then all of them must succeed
for the sequence to be successful.
</p>
</xsd:documentation>
<xsd:appinfo>
<a:container/>
<a:since>4.1</a:since>
</xsd:appinfo>
</xsd:annotation>
<xsd:extension base="tns:SequenceModuleType">
<!-- later: requireAuthenticationAttribute, transformAuthenticationAttribute -->
</xsd:extension>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:complexType name="VerificationSequenceModuleType">
<xsd:annotation>
<xsd:documentation>
<p>
Specification of verification module in the sequence.
</p>
</xsd:documentation>
<xsd:appinfo>
<a:container/>
<a:since>4.1</a:since>
</xsd:appinfo>
</xsd:annotation>
<xsd:extension base="tns:SequenceModuleType">
<xsd:sequence>
<xsd:element name="formRef" type="c:ObjectReferenceType" minOccurs="0" maxOccurs="1">
<xsd:annotation>
<xsd:documentation>
Reference to the verification module form
</xsd:documentation>
<xsd:appinfo>
<a:objectReferenceTargetType>tns:FormType</a:objectReferenceTargetType>
</xsd:appinfo>
</xsd:annotation>
</xsd:element>
<xsd:element name="panelType" type="xsd:string" minOccurs="0">
<xsd:annotation>
<xsd:documentation>
<p>
Unique identifier used to reference a panel.
</p>
</xsd:documentation>
</xsd:annotation>
</xsd:element>
</xsd:sequence>
</xsd:extension>
<xsd:attribute name="id" type="xsd:long"/>
</xsd:complexType>

<xsd:simpleType name="AuthenticationSequenceModuleNecessityType">
<xsd:annotation>
<xsd:documentation>
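Review bot: The new type definitions are not valid XSD as written, so the verification part of the security policy schema will likely fail to load. In VerificationPolicyType the `modules` and `sequence` elements sit after `</xsd:sequence>` as direct children of `xsd:complexType`; they belong inside that sequence. In AuthenticationSequenceModuleType and VerificationSequenceModuleType, `<xsd:extension base="tns:SequenceModuleType">` has to be wrapped in `<xsd:complexContent>`, and the trailing `<xsd:attribute name="id" type="xsd:long"/>` should be dropped because the base type already declares `id`. Separately, the "at least one module must succeed / required and requisite" wording now lives only on the authentication type; VerificationSequenceModuleType should document its own success rule, since this sequence can gate password reset, and its copied `<a:since>4.1</a:since>` looks wrong for a type introduced by this commit.

```xml
<xsd:complexType name="VerificationSequenceModuleType">
    <!-- … unchanged: annotation (documentation, appinfo) … -->
    <xsd:complexContent>
        <xsd:extension base="tns:SequenceModuleType">
            <xsd:sequence>
                <!-- … unchanged: formRef and panelType elements … -->
            </xsd:sequence>
        </xsd:extension>
    </xsd:complexContent>
    <!-- id attribute removed here: it is inherited from SequenceModuleType -->
</xsd:complexType>
```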